Malicious code in CCleaner compromised more than 2 million computers

PUBLISHED Mon, September 18, 2017 - 6:35pm EDT
Screenshot of CCleaner (Credit: Piriform)

Malicious code was inserted into a version of the computer clean-up tool CCleaner, creating a backdoor in more than 2 million computers and potentially allowing those responsible to take control of the devices, the company said on Monday.

The breach was discovered on September 12 when Piriform - the company that created CCleaner - found that its software was sending data to an unknown IP address. An investigation revealed that two programs released in August had been "illegally modified" before being released to the public.

The breach affects CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 on 32-bit Windows systems. About 2.27 million computers are believed to have installed the compromised software, although it's still unclear whether hackers took control of any of the devices.

In a technical description, the company explained that CCleaner.exe had been modified to create a two-stage backdoor capable of running code sent by those responsible. It also sent encrypted data to the hackers, providing them with the computer's name, a list of installed software including Windows updates, a list of running processes, MAC addresses, and the status of administrator privileges.

Paul Young, the vice president of products at Piriform, said in a blog post on Monday that the server used by the hackers was taken down and other potential servers are 'out of their control.' Users of version 5.33.6162, however, have been advised to update to the latest version while users of CCleaner Cloud received an automatic update.

"At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it," Young said. "The investigation is still ongoing. We want to thank the Avast Threat Labs for their help and assistance with this analysis."

Young apologized to users of CCleaner and said the company is taking "detailed steps internally" to prevent such a breach from happening again. "If you have not already done so, we encourage you to update your CCleaner software to version 5.34 or higher," he added.

CCleaner was first released in 2003 and allows people to delete temporary or potentially unwanted files to help optimize their computer. Piriform, which was acquired by Avast in July, says CCleaner has been downloaded more than 2 billion times, with an average of 5 million new users every week.

  London, England     




